apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: openstack patches: - patch: |- apiVersion: core.openstack.org/v1beta1 kind: OpenStackControlPlane metadata: name: unused spec: barbican: template: barbicanAPI: defaultConfigOverwrite: barbican-api-paste.ini: | [composite:main] use = egg:Paste#urlmap /: barbican_version /healthcheck: healthcheck /v1: barbican-api-keystone-audit # Use this pipeline for Barbican API - versions no authentication [pipeline:barbican_version] pipeline = cors http_proxy_to_wsgi microversion versionapp # Use this pipeline for Barbican API - DEFAULT no authentication [pipeline:barbican_api] pipeline = cors http_proxy_to_wsgi unauthenticated-context microversion apiapp #Use this pipeline to activate a repoze.profile middleware and HTTP port, # to provide profiling information for the REST API processing. [pipeline:barbican-profile] pipeline = cors http_proxy_to_wsgi unauthenticated-context microversion egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp #Use this pipeline for keystone auth [pipeline:barbican-api-keystone] pipeline = cors http_proxy_to_wsgi authtoken context microversion apiapp #Use this pipeline for keystone auth with audit feature [pipeline:barbican-api-keystone-audit] pipeline = http_proxy_to_wsgi authtoken context microversion audit apiapp [app:apiapp] paste.app_factory = barbican.api.app:create_main_app [app:versionapp] paste.app_factory = barbican.api.app:create_version_app [filter:simple] paste.filter_factory = barbican.api.middleware.simple:SimpleFilter.factory [filter:unauthenticated-context] paste.filter_factory = barbican.api.middleware.context:UnauthenticatedContextMiddleware.factory [filter:context] paste.filter_factory = barbican.api.middleware.context:ContextMiddleware.factory [filter:microversion] paste.filter_factory = barbican.api.middleware.microversion:MicroversionMiddleware.factory [filter:audit] paste.filter_factory = keystonemiddleware.audit:filter_factory audit_map_file = /etc/barbican/api_audit_map.conf use_oslo_messaging = false log_name = barbican.audit [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory [filter:profile] use = egg:repoze.profile log_filename = myapp.profile cachegrind_filename = cachegrind.out.myapp discard_first_request = true path = /__profile__ flush_at_shutdown = true unwind = false [filter:cors] paste.filter_factory = oslo_middleware.cors:filter_factory oslo_config_project = barbican [filter:http_proxy_to_wsgi] paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory [app:healthcheck] paste.app_factory = oslo_middleware:Healthcheck.app_factory backends = disable_by_file disable_by_file_path = /etc/barbican/healthcheck_disable [server:main] use = egg:gunicorn#main cinder: template: cinderAPI: customServiceConfig: | [DEFAULT] api_paste_config = "/etc/cinder/custom/api-paste.ini" extraMounts: - name: audit-config-files region: r1 extraVol: - mounts: - mountPath: /etc/cinder/custom name: audit readOnly: true volumes: - name: audit secret: secretName: cinder-audit-config-secret glance: template: customServiceConfig: | [DEFAULT] enabled_backends = default_backend:swift [glance_store] default_backend = default_backend [default_backend] swift_store_create_container_on_put = True swift_store_auth_version = 3 swift_store_auth_address = {{ .KeystoneInternalURL }} swift_store_endpoint_type = internalURL swift_store_user = service:glance swift_store_key = {{ .ServicePassword }} [paste_deploy] config_file = /etc/glance/custom/glance-api-paste.ini extraMounts: - name: audit-config-files region: r1 extraVol: - mounts: - mountPath: /etc/glance/custom name: audit readOnly: true volumes: - name: audit secret: secretName: glance-audit-config-secret keystone: template: customServiceConfig: | [DEFAULT] notification_opt_out="" [oslo_messaging_notifications] driver = messagingv2 driver = log neutron: template: customServiceConfig: | [DEFAULT] api_paste_config = /etc/neutron/custom/api-paste.ini extraMounts: - extraVol: - mounts: - mountPath: /etc/neutron/custom name: audit readOnly: true volumes: - name: audit secret: secretName: neutron-audit-config-secret nova: template: apiServiceTemplate: defaultConfigOverwrite: api-paste.ini: | ############ # Metadata # ############ [composite:metadata] use = egg:Paste#urlmap /: meta [pipeline:meta] pipeline = cors http_proxy_to_wsgi metaapp [app:metaapp] paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory ############# # OpenStack # ############# [composite:osapi_compute] use = call:nova.api.openstack.urlmap:urlmap_factory /: oscomputeversions /v2: oscomputeversion_legacy_v2 /v2.1: oscomputeversion_v2 /v2/+: openstack_compute_api_v21_legacy_v2_compatible /v2.1/+: openstack_compute_api_v21 [composite:openstack_compute_api_v21] use = call:nova.api.auth:pipeline_factory_v21 keystone = cors http_proxy_to_wsgi compute_req_id faultwrap request_log sizelimit osprofiler authtoken keystonecontext audit osapi_compute_app_v21 noauth2 = cors http_proxy_to_wsgi compute_req_id faultwrap request_log sizelimit osprofiler noauth2 audit osapi_compute_app_v21 [composite:openstack_compute_api_v21_legacy_v2_compatible] use = call:nova.api.auth:pipeline_factory_v21 keystone = cors http_proxy_to_wsgi compute_req_id faultwrap request_log sizelimit osprofiler authtoken keystonecontext legacy_v2_compatible audit osapi_compute_app_v21 noauth2 = cors http_proxy_to_wsgi compute_req_id faultwrap request_log sizelimit osprofiler noauth2 legacy_v2_compatible audit osapi_compute_app_v21 [filter:request_log] paste.filter_factory = nova.api.openstack.requestlog:RequestLog.factory [filter:compute_req_id] paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory [filter:faultwrap] paste.filter_factory = nova.api.openstack:FaultWrapper.factory [filter:noauth2] paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory [filter:osprofiler] paste.filter_factory = nova.profiler:WsgiMiddleware.factory [filter:sizelimit] paste.filter_factory = oslo_middleware:RequestBodySizeLimiter.factory [filter:http_proxy_to_wsgi] paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory [filter:legacy_v2_compatible] paste.filter_factory = nova.api.openstack:LegacyV2CompatibleWrapper.factory [app:osapi_compute_app_v21] paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory [pipeline:oscomputeversions] pipeline = cors faultwrap request_log http_proxy_to_wsgi oscomputeversionapp [pipeline:oscomputeversion_v2] pipeline = cors compute_req_id faultwrap request_log http_proxy_to_wsgi oscomputeversionapp_v2 [pipeline:oscomputeversion_legacy_v2] pipeline = cors compute_req_id faultwrap request_log http_proxy_to_wsgi legacy_v2_compatible oscomputeversionapp_v2 [app:oscomputeversionapp] paste.app_factory = nova.api.openstack.compute.versions:Versions.factory [app:oscomputeversionapp_v2] paste.app_factory = nova.api.openstack.compute.versions:VersionsV2.factory ########## # Shared # ########## [filter:cors] paste.filter_factory = oslo_middleware.cors:filter_factory oslo_config_project = nova [filter:keystonecontext] paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory [filter:audit] paste.filter_factory = keystonemiddleware.audit:filter_factory audit_map_file = /etc/pycadf/nova_api_audit_map.conf use_oslo_messaging = false log_name = nova.audit target: kind: OpenStackControlPlane